Millions of Android devices infected with Judy Malware

I am sure many of you remember the malicious WannaCry ransomware attack. That attack was observed around the globe, hitting government departments, universities and companies in many countries. Here is another malware campaign, discovered by Check Point and called 'The Judy Malware'. According to a report from Check Point, this malware is now infecting Android smartphones around the globe, and the count of infected devices is around 36.5 million. Check Point says this is the largest malware campaign found on the Google Play store.

Google has already pulled the malicious Judy app from its store. The malware was found in a total of 41 apps in the store. This is a big count, and I believe this has alerted Google to carry out further research on such malware. All the apps were published by a Korean publisher named ENISTUDIO Corp. This company develops applications for both the Android and iOS platforms. Surprisingly, these apps had been present in the Google store for a long time. Nobody knows when, or with which update, the malware was added to these apps. The screenshot below is an example of an app that contained the malware.

How does Judy Malware infect Android phones?

When a user installs this app, it quietly registers receivers that establish a connection with the C&C server. Once the connection is established, the server starts sending the malicious payload. This payload contains JavaScript code, a user-agent string and URLs specified by the coder. When the user opens the app, the malware opens the malicious URLs specified in the code. In the next step, the user agent brings up a browser in a hidden webpage, which redirects to another website. The user doesn't know what is actually happening in the background. In the next few seconds, advertisements pop up. Clicking the ads provides revenue to the malware author. In conclusion, I want to provide some tips to avoid malware like this infecting your phone.